#!/bin/bash # # OpenVPN + Docker Wrapper Script # OPENVPN="/etc/openvpn" # Needed by easyrsa itself export EASYRSA="/usr/local/share/easy-rsa/easyrsa3" export EASYRSA_PKI="$OPENVPN/pki" export EASYRSA_VARS_FILE="$OPENVPN/vars" set -ex abort() { echo "Error: $@" exit 1 } if [ $# -lt 1 ]; then abort "No command specified" fi do_openvpn() { mkdir -p /dev/net if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200 fi iptables -t nat -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE openvpn --config "$OPENVPN/udp1194.conf" } do_init() { cn=$1 # Provides a sufficient warning before erasing pre-existing files easyrsa init-pki # For a CA key with a password, manually init; this is autopilot easyrsa build-ca nopass easyrsa gen-dh openvpn --genkey --secret $OPENVPN/pki/ta.key if [ -z "$cn"]; then #TODO: Handle IPv6 (when I get a VPS with IPv6)... ip4=$(dig +short myip.opendns.com @resolver1.opendns.com) ptr=$(dig +short -x $ip4 | sed -e 's:\.$::') [ -n "$ptr" ] && cn=$ptr || cn=$ip4 fi echo "$cn" > $OPENVPN/servername easyrsa build-server-full $cn nopass [ -f "$OPENVPN/udp1194.conf" ] || cat > "$OPENVPN/udp1194.conf" < $(cat $EASYRSA_PKI/private/$cn.key) $(cat $EASYRSA_PKI/issued/$cn.crt) $(cat $EASYRSA_PKI/ca.crt) $(cat $EASYRSA_PKI/dh.pem) # #$(echo cat $EASYRSA_PKI/ta.key) # #key-direction 1 remote $servername 1194 udp EOF } # Read arguments from command line cmd=$1 shift case "$cmd" in # nop for volume creation init) do_init "$@" ;; easyrsa) easyrsa "$@" ;; easyrsa-export-vars) if [ -f "$EASYRSA_VARS_FILE" ]; then cat "$EASYRSA_VARS_FILE" else cat "$EASYRSA/vars.example" fi ;; easyrsa-import-vars) cat > "$EASYRSA_VARS_FILE" ;; bash) $cmd "$@" ;; getclientconfig) do_getclientconfig "$@" ;; openvpn) do_openvpn "$@" ;; log) tail -F /tmp/openvpn-status-1194.log ;; *) abort "Unknown cmd \"$cmd\"" ;; esac